Iphone Os Security Vulnerabilities and Issues — Page 42 of Iphone Os CVE List

9.3CVSS8.3AI score0.00262EPSS

CVE-2016-4726

IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.3AI score0.08398EPSS

CVE-2016-4730

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.

6.5CVSS6.1AI score0.01043EPSS

CVE-2016-4758

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.

6.5CVSS6.5AI score0.0107EPSS

CVE-2016-4760

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.

CVE•added 2016/09/25 11:0 a.m.•62 views

CVE-2016-4778

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.2AI score0.00262EPSS

CVE•added 2017/04/02 1:59 a.m.•62 views

CVE-2017-2439

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial...

7.1CVSS6.8AI score0.00614EPSS

CVE•added 2017/04/02 1:59 a.m.•62 views

CVE-2017-2457

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web si...

8.8CVSS8AI score0.02526EPSS

CVE•added 2017/10/23 1:29 a.m.•62 views

CVE-2017-7085

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar.

6.5CVSS6.1AI score0.00765EPSS

CVE•added 2017/10/23 1:29 a.m.•62 views

CVE-2017-7131

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive Contact card information via a crafted app.

5.5CVSS5.2AI score0.00197EPSS

CVE•added 2019/01/11 6:29 p.m.•62 views

CVE-2018-4189

In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling.

10CVSS8.6AI score0.00757EPSS

CVE•added 2019/04/03 6:29 p.m.•62 views

CVE-2018-4248

An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.

7.5CVSS5.8AI score0.02821EPSS

CVE•added 2019/12/18 6:15 p.m.•62 views

CVE-2019-8567

A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.2. A device may be passively tracked by its WiFi MAC address.

7.5CVSS7.4AI score0.00399EPSS

CVE•added 2021/12/23 8:15 p.m.•62 views

CVE-2019-8703

This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.

9.8CVSS7.9AI score0.00868EPSS

CVE•added 2020/10/27 8:15 p.m.•62 views

CVE-2019-8715

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. An application may be able to execute arbitrary code with system privileges.

9.3CVSS8.2AI score0.00257EPSS

CVE•added 2020/10/27 8:15 p.m.•62 views

CVE-2019-8753

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting attack.

6.1CVSS6.1AI score0.00433EPSS

CVE•added 2020/02/27 9:15 p.m.•62 views

CVE-2020-3831

A race condition was addressed with improved locking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.

7.6CVSS6.8AI score0.00293EPSS

CVE•added 2020/02/27 9:15 p.m.•62 views

CVE-2020-3873

This issue was addressed with improved setting propagation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Turning off "Load remote content in messages” may not apply to all mail previews.

3.3CVSS4.4AI score0.00153EPSS

CVE•added 2020/10/16 5:15 p.m.•62 views

CVE-2020-9933

An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information.

4.3CVSS4.6AI score0.00216EPSS

CVE•added 2021/09/08 3:15 p.m.•62 views

CVE-2021-1865

An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen.

5CVSS5.1AI score0.001EPSS

CVE•added 2021/09/08 2:15 p.m.•62 views

CVE-2021-30753

Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An out-of-bounds read was addressed with improved input validation.

5.5CVSS5.4AI score0.00269EPSS

CVE•added 2021/09/08 2:15 p.m.•62 views

CVE-2021-30756

A local attacker may be able to view Now Playing information from the lock screen. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6. A privacy issue in Now Playing was addressed with improved permissions.

5.5CVSS5.3AI score0.00035EPSS

CVE•added 2021/09/08 2:15 p.m.•62 views

CVE-2021-30804

A permissions issue was addressed with improved validation. This issue is fixed in iOS 14.7. A malicious application may be able to access Find My data.

4.3CVSS4.7AI score0.0018EPSS

CVE•added 2021/08/24 7:15 p.m.•62 views

CVE-2021-30925

The issue was addressed with improved permissions logic. This issue is fixed in watchOS 8, macOS Big Sur 11.6, iOS 15 and iPadOS 15. A malicious application may be able to bypass Privacy preferences.

9.1CVSS7.2AI score0.00232EPSS

2.4CVSS4AI score0.0008EPSS

CVE-2022-32879

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, tvOS 16. A user with physical access to a device may be able to access contacts from the lock screen.

3.3CVSS4.8AI score0.0005EPSS

CVE-2022-32913

The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. A sandboxed app may be able to determine which app is currently using the camera.

7CVSS7.5AI score0.00083EPSS

CVE-2022-42791

A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

5.5CVSS5.8AI score0.00063EPSS

CVE-2022-42810

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing a maliciously crafted USD file may disclose memory contents.

CVE•added 2023/06/23 6:15 p.m.•62 views

CVE-2023-32410

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to leak sensitive kernel state.

5.5CVSS5.4AI score0.00031EPSS

6.5CVSS5.8AI score0.00167EPSS

CVE-2023-40420

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.

7.1CVSS6.1AI score0.00021EPSS

CVE-2023-40454

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to delete files for which it does not have permission.

3.3CVSS3.7AI score0.00026EPSS

CVE-2023-41065

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information.

5.5CVSS4.9AI score0.00039EPSS

CVE-2023-41070

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive data logged when a user shares a link.